How To Protect Your Home Office and Business Against Disaster

Disaster Recovery Isn’t Just for Big Companies; Small Business Owners Need Protection, Too

By Kate J. Chase, published Nov 10, 2005

Takeaways
Regular backups of your computer files is a critical recovery step.
Keep an emergency kit with all you need, ready to grab at a moment’s notice
Have hard copies of your customer/contract contacts and account details.

Recent big and bad storms like Hurricanes Katrina and Rita have taught many a tough lesson in how quickly we can lose everything we have in the blink of an eye. Along with homes, vehicles, and prized personal possessions, those who work at home risk losing their very ability to do business. Then, trying to get back to work becomes a bigger nightmare when you also have to struggle to find temporary accommodations.

Yet there are steps you can take to make it possible for you to get back to business so you can earn the next paycheck you desperately need. If you spend even just a few hours each month to make copies of important material and other prep tasks, you may be well prepared enough to set up shop again from just about anywhere, including a family member’s home or a hotel or motel.

Do full system backups of your computer on a regular basis. Do this at least once a week. You can use this backup to restore the contents of your hard disk to a new computer, if needed. If at all possible, consider storing backup copies at a remote location on a regular basis. You can mail a recorded CD or DVD once a week to a trusted friend or family member, store them in a safe deposit box in a nearby town, or some other avenue that lets you keep a copy away from your physical office.

If you keep all records of your clients, customers, vendors, distributors, and others you do business with strictly on your computer, you want to make at least one hard copy of this information and update the copy regularly, to reflect new additions or remove no longer live accounts. Keep a copy of this with your portable computer, if you have one.

If you have a notebook or tablet computer, have it in good working order and set up with all the programs you need to run your business. For example, if you use QuickBooks to do your accounting, Microsoft Word to prepare documents, and DreamWeaver to manage a small business Web site, have those applications installed on the portable system. When you make backups of your computer drive contents, make an extra copy that you can slip into your portable computer carrying case.

Do you belong to any local, regional, or national professional associations? See if they have a plan to help members in an emergency or suggest other members network with you; a colleague may be able to loan you office space for a week or two if you also promise to provide the same if they run into trouble.

Create an emergency kit, such as a suitcase you fill with basic office supplies, copies of essential paperwork, and anything else you think you need to get your office running elsewhere. Leave room in the case so that if you have time to pack more before you have to evacuate, you can grab your pack of master install CDs, your most recent backup, financial documents including the business checkbook, and anything else that is important to your job. You can also purchase fire proof, crush proof safety boxes to store your emergency kit contents.

Save Your Time and Your Data with Automatic Backup Software

Save Your Time and Your Data with Automatic Backup Software

By Allen Butler, published Nov 02, 2005

Takeaways
Data backup is essential to keeping your data safe
Automatic backup allows you to keep your data backed up without worrying about it
There are many different automatic backup software programs out there for you

Your data is what makes your computer valuable to you. Sure, you might have an incredible machine, but it is the data on it that makes it important. That is what makes your computer uniquely yours. What if something were to happen to your data? There are many dangers that threaten your data. System crashes, physical hard drive crashes, power surges, theft, fire.

If you experience data loss, there are options to get that data back. Like using recovery software or hiring a data recovery or disaster recovery company. But these processes can be exceedingly time-consuming and even more money-consuming.

The best way to ensure your data is safe and secure is to keep good backups. The more backups the better. As long as you have your data stored in some medium, be it CD-ROM, key drive, external hard-drive, whatever, other than your hard drive, nothing that happens to your main CPU can damage it.

Most people know the importance of having good backups. But most computer users still don’t backup most of their files. Why? Because they think it is expensive, or that it will take up too much of their time. Or they might even have backup software that makes it quite easy, but they just don’t think to run it as often as they should.

Automatic Backup Software
One of the best backup resources for computer users is automatic backup software. Automatic backup software takes on the task of backing up your data all by itself. Once you’ve set up the software an automatic backup program will run its routines automatically, no matter if you remember it or not or are even anywhere near the computer. Some automatic backup software will run even if you aren’t logged into your machine!

When you initially program your automatic backup software, you will inform it of what data it is that you want backed up and where you want to back it up at. For most automatic backup software it is easiest to use an external hard drive or a network hard drive to move the data onto, however you can use other backup media as well, depending on the software you use.

Most automatic backup software these days also uses a system known as differential backup. When you program your software, you will inform it of all the folders holding files which you deem as important and want to have backed up. When the software runs its automatic backup routine, it will backup all the files in these folders and put them onto your backup medium.

Differential backup makes this process easier and smoother, requiring less of your computer’s resources. If you have a lot of files, it can be very draining on the computer to backup every single file every day, when the vast majority of these files have already been backed up, and don’t need to be backed up again after the first time.

With differential backup, the software is able to recognize which files have been added or modified since its last backup by checking with the software already in storage. It will then only backup those files which need to be backed up, while ignoring files that have already been backed up.

Acquiring Automatic Backup Software
Most backup software will include automatic backup routines (as it is one of the more convenient and useful functions of backup software). However, not all backup software will include it. If you are looking to purchase or download some free backup software, you will want to make sure that it runs automatic backup.

Backup software isn’t terribly expensive. For personal users it generally runs somewhere in the range of $50 – $100 for top quality software (such as Genie Backup Manager or Iomega Automatic Backup). You can also get non name-brand automatic backup software cheaper that might have less special features but will still get the job done.

Many times backup media will include software that runs automatic backup routines. If you are in the market to buy a new system to store your backup data on, such as an external hard drive, you might want to look and see if any offer free automatic backup software with the unit.

Online backup services oftentimes include automatic backup software that is keyed to uploading your backup files to their server. As online backup services are still a somewhat new and growing field, there are few backup programs on the market right now that can handle them, unless the software comes directly from the service itself.

If you already own a backup medium, it is vital to make sure the backup software you purchase is compatible with it. With most name brand software compatibility isn’t a major concern, however it is always important to check, especially if you are going for a cheaper option.
If you are looking to improve your backup without buying anything at all, there are even free automatic backup software programs out there on the World Wide Web.

In summary, if you are looking for automatic backup software for your computer, the primary things you need to look at are:
1. Does the software actually include automatic backup?
2. Does the software offer differential backup?
3. Is the software compatible with my computer? (Can my computer run it?)
4. Is the software compatible with my chosen backup medium? (CD, DVD, Networked Computer, FTP Online Drive, etc.)
5. Can I afford the software?

Asking these questions while choosing your automatic backup software should help you make the right choices and ensure that you get the best bang for your buck. Backup is important, and you want to make sure that you do it properly without spending too much money

Recover from ANY Disaster in ONLY 15 minutes!

http://www.go-disasterrecovery.com

Our Backup and Disaster Recovery Solution is a tape replacement solution that includes disk to disk block level backups, off-site data storage, server virtualization capabilities and backups as frequent as every 15 minutes.

BDR = Backup & Disaster Recovery (or NAS Device)

We have addressed both Business Continuity and Disaster Recovery in the backup solution. When server hardware fails, we can minimize the downtime to your Business by providing a virtual environment on our BDR Appliance to host the failed server. This virtual server maintains the original server’s settings and application state prior to the failure. Typically, the process of ordering and configuring a new server takes a few days. While this takes place, our solution keeps you up and running. In addition to ensuring your server environment runs with minimal downtime, we provide a complete Disaster Recovery solution. Once configured, your servers securely send data off-site to a state-of-the-art colocation facility. In the event of a disaster, we can deliver and configure the original BDR Appliance with the latest backup image. From this point, we can perform Bare Metal Restorations to dissimilar hardware to have your environment up and running in the same state it was before the disaster.

So how does our solution work?
Well, first we place a BDR Appliance at your location and setup your servers to backup to the BDR Appliance. Once we have configured the BDR Appliance and servers, monitoring on those devices and the backup transfers to the colocation facility are being proactively monitored 24×7. If there are any failures relating to the backup, we are immediately notified and remotely resolve the issue.

Incremental Forever Technology
The technology that is being used to perform the backups is based on Incremental Forever Technology. Initially, we take a complete image or snapshot of the server. Then we perform incremental backups as frequently as every 15 minutes. These 15 minute incrementals capture the changes on the drives of the servers and are performed throughout the day. Once every 24 hour hours, all the 15 minute incrementals are collapsed into what we call a daily synthetic incremental. This process continues, creating weekly and monthly synthetic incrementals as time elapses. What this means to you is that we have increased the amount of your restore points. At any point in time, we are able to restore a failed server to any 15 minute period during the last 48 hours or any day of the current month, to any week of the previous month and any month as far as the backups were first started.

Block Level Backup
After the servers and BDR Appliance are configured, the initial backup occurs. This is a block level backup where the backup software is looking at the actual 1’s and 0’s on the hard disk. We take a complete image or snapshot of the server at this time. These snapshots happen at the partition or drive level so open or locked files and folders are always backed up. Once the data reaches the BDR Appliance, it is first compressed then encrypted using 256-bit encryption.

Military Grade Encryption
If you select the off-site storage option, the data transfer to the colocation facility takes place over a 256-bit encrypted tunnel. We use a smart transfer technology that allows us to cap the maximum outbound bandwidth used to transfer the backup’s off-site. This gives priority to all other outbound applications, such as email and Internet traffic. In this example, we have a 3mbps line for outbound traffic and the backup solution is capped at 1mbps. What this means is the outbound transfer for the backup solution will never exceed the 1mbps cap. Also, if email and Internet traffic is consuming most of the outbound bandwidth, the backup solution will throttle down and give priority to all other outbound traffic. This Smart Transfer technology is able to pick up where it left off if there is a disruption in Internet service. We continue the transfer from the last successful packet received.

Restore to Virtual Server
The BDR Appliance is capable of virtually hosting a server’s OS and applications in the event of a system failure. If a server fails, we can start a virtual environment on the BDR Appliance and restore the complete image of the server from the last snapshot that was taken, typically within the last 15 minutes. This process usually takes less than one hour, depending on the size of the disk being restored. Once the server’s image is running in the virtual environment, there are no additional configurations necessary as the system retains its original system state. For example, if an Exchange Server is virtually hosted, the IP address will remain the same so no configuration changes are needed for MX records or firewall settings. Once the virtual server is running, the backups occur every 15 minutes just as they did before the server crash.

Restore to Dissimilar Hardware
When it comes time to restore the server back to physical hardware, the process is quite simple. With our virtualization technology, we can restore to dissimilar hardware by inserting drivers into the Hardware abstraction layer before bringing up the server image on its new hardware. Once the server has been completely restored, the incremental backups continue to take place every 15 minutes so there is no disruption to the backup process.

File / Folder Restore
Another method of restoration is by mounting the image as a volume on the BDR Appliance and creating a network share that is mapped to this volume. In this example, we have a folder on the web server that was deleted 30 minutes ago. We can go back and restore a complete image of the server from 45 minutes ago and mount this as a volume on the BDR Appliance. Once mounted, a network share is created to enable users to copy and paste the files from the restoration image to the destination machine. This entire process only takes a few minutes to complete.

Exchange Server / SQL Server Restore
In addition to file and folder level restorations, we provide Exchange Server restores at the message and mailbox level. We have the ability to restore emails directly to an Exchange Server or to a PST file. SQL Server restores are accomplished by performing a file/folder level restore. We connect to the restored database and have the ability to restore individual tables or an entire database.

Enterprise Class Web Management Portal
We offer complete management and control of your solution by using a web based Enterprise class portal. Remember, there is nothing for you to manage; we do it all.

http://www.go-disasterrecovery.com

The Importance of Disaster Recovery Plans for Small Businesses

By Randall Olson, published Jan 19, 2008

Disasters can strike any time or anywhere, and they can impact businesses of all sizes. Small business owners who think they don’t need disaster recovery plans are likely to find themselves struggling to recover in the event of a natural, economic, or other type of disaster.

Disasters can strike any time or anywhere, and they can impact businesses of all sizes. Small business owners who think they don’t need disaster recovery plans are likely to find themselves struggling to recover in the event of a natural, economic, or other type of disaster.

The purpose of a disaster recovery plan is to spell out the actions that should be taken to protect the interests of the business, its employees, and its customers in the event that a serious problem impacting the company’s operations arises. Business owners who fail to plan for disaster recovery are at a loss regarding how to proceed when things go wrong.

Once a disaster strikes, it’s too late to stop and go through the planning process. To be effective, a disaster recovery plan must be in place before a problem arises. While it may not be possible to plan in advance for every possible situation that can harm a business, some problems are more likely to occur than others. By coming up with contingency plans for the most likely disasters, the negative effects of such events can often be mitigated.

The first step in creating a disaster recovery plan is to create a list of the events that are most likely to interfere with the company’s operations. For example, businesses located along the Gulf of Mexico need to have plans in place for handling a hurricane strike. Companies in parts of California need to have contingency plans in place for dealing with earthquakes and wildfires. All business that depend on access to data and information technology need to prepare for how to continue operations in the event of a server failure.

An effective recovery plan will list each possible type of problem and specify the steps that should be taken in the event that disaster strikes. Details about who is responsible for carrying out each step of the recovery plan should be specified very clearly, so there is no confusion regarding who is accountable for each task. When recovery plans can be implemented immediately, the process of returning to normal operations can be expedited.

Communicating the disaster recovery plan to everyone involved is very important. The plan itself isn’t what will help your business bounce back as quickly as possible from a disaster. It is the implementation of the plan that will help the company recover. When your disaster plan is written, it’s important to make sure that each employee knows his or her responsibilities and is prepared to act quickly and decisively toward the end purpose of helping the company return to business as normal.

How to attain and maintain a compliant medical practice

Patricia A. Trites

Contingency Planning

In light of many recent natural and unnatural disasters experienced in the United States, a sound emergency action plan is both reasonable and appropriate. The Security Rule states that each medical practice must “establish (and implement as needed) policies and procedures for responding to an emergency or other occurance (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.” The rule expands this further with implementation specifications for a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Operation Mode Plan. All of these elements are important to any medical practice that maintains an electronic system and can be reasonably accomplished. Most medical practices underastand that creating and maintaining backup copies of their computer systems is not only important, but imperative to maintain daily operations. Unforunately, these backup tapes or discs can be left sitting on top of the computer or server and then re-used without checking for a valid backup. Other medical practices will perform the backup procedures only once a week, if they remember, and then place the backups in an off-site location that is unsecured.

What happens when the medical practice has some form of system failure and must use the backup to restore the system? Has this ever been attempted? Many who have had to restore their backup media have found that it doesn’t work as advertised! That is why having a tested disaster recovery plan in place will help. Each medical practice should research alternative methods for backup systems as well as protecting the backup media.

There are many ways to prepare for disaster, each medical practice will have to assess its own risks, but developing appropriate policies and procedures and having them in place is the first step. This is called an Applications and Data Criticality Analysis in the Security Rule. The more critical the data, the more important it is to implement robust policies and procedures. For example, a medical practice that has converted to a paperless office, with medical records, lab, billing, etc. all on the computer system, will be more at risk than a medical practice that has only medical practice management billing records on its computer system. How will a paperless office operate if it loses power? How will it operate if a flood destroys its computer systems? How does the medical practice contact employees when a disaster happens in the middle of the night? Is being in the middle of a disaster the time to find out that the medical practice doesn’t have its employees’ contact information and that half of the staff have unlisted phone numbers? These are the types of questions each medical practice must ask about its organization; it then must come up with reasonable solutions to the potential disasters. These answers will make up the medical practice’s Emergency Operation Mode Plan.

One of the most important steps in developing a disaster recovery plan, backup plan, and emergency mode operations plan is testing the plans before they are needed. This is actually an addressable specification in the Security Rule, but isn’t it reasonable to test the systems the medical practice put into place? Once tested, the medical practice can make any modifications necessary to further refine the plans or correct any issues that occured. It is just as important to re-test the plans if the medical practice does make any modifications. If anything changes within the medical practice, sucs as setup of a new computer system, the plans should be revised and retested to make sure they work with a new system.

Disaster Recovery Planning for IT Sector

Shray Kapoor, published Nov 20, 2007

Information is the key attribute for any business, its software and hardware resources make business policies. Every business can suffer natural or man-made disasters, which can range from flooding, earthquake to a malformed SQL query which can corrupt the data-centre of business application. Therefore it is not only important to protect the IT resources, but also to recover them in case of any emergency. Business continuity planning also termed as disaster recovery plan caters to the above argument of efficiently recovering information and critical resources on which business depends for its continuity. DRP consists of a set of policies and procedures for reacting and recovering from IT disabling disasters, based on the severity of critical resources and probability of occurring an incident. [1]

Planning proceeds in steps, with a feedback loop to assess current strategies. Steps involved are: -

1) Assessment -

An assessment is an act of measuring and comparing. For IT sector assessment implies exploring and defining risks. Risk assessment starts with defining resources, such as software, hardware resources, communication nodes etc. This assessment is carried out using internal and external audits which are done on cycle basis, regularly by an auditing team. After doing an initial assessment of resources, they are ranked quantitatively according to their importance and likelihood of getting compromised. Quantitative analysis focus on estimated loss a threat can cause. Any outrage which can disrupt the normal functioning of business is qualified as a threat. Threat to IT sector is generally manmade such as a security incident or a viral infection, natural threats (flooding, earthquake) do have a major impact but their rate of occurrence disqualifies them quantitatively. Assessing security threats is known as vulnerability testing or penetration testing, which is generally done by third-party vendors and tools specifically designed to assess vulnerabilities in computer systems. [4]

Deliverables of Assessment phase are – Vulnerability assessment and resource definition document Business impact analysis report Detailed definition of requirements.

2) Establishing policies and procedures

Purpose of this step is to plan policies and procedures to mitigate the risk as far as possible. Policy establishes “what is and what is not required?” in context of business goals. A policy should be comprehensive and compact, because bulk of information renders it unmanageable. Every policy should meet the compliance of every department and every user involved in the business. In context of IT sector, policies should address:-

Authorization and authentication management Acceptable IT resources management Data restoration and backup policy Account management Log review Incidence response policies

Procedures to implement the policies include building of recovery teams from among the IT staff to take care of every issue. Procedures define how to deal with various aspects of resources addressed by policies, who is responsible and how the recovery process occurs. For example data recovery procedure should define how frequent the backups should be scheduled, what should be recovered first and how the plan moves in case of any incident?

3) Budgeting

Once the risks and policies are figured out, next step is to calculate the cost of implementing the plans so that they can befit business objectives. During budgeting one is required to assess the overall IT budget against the cost required for implementing a recovery plan. This phase should try to exactly forecast the overall cost and Return on investment (ROI) in implementing the plan. It depends on the risk levels to critical resources and their impact on overall business. Risk assessment matrix thus serves as a vital parameter for deciding which assets should be considered for recovery. Both IT and the business units must agree on which data and applications are most critical to the business and need to be recovered most quickly in a disaster. Ultimately it is the management sector who decides which threats are tolerable and to what extent. Cost estimates for recovery plan is only one part of budget. Staffing requirements, software subscriptions, hiring third-party consultants, performing vulnerability testing, training costs etc. are some other factors which contribute to the overall budget. Final requirement of an effective budget is that it should not be resilient; one should stick to the budget throughout the recovery phase.

4) Initial Plan Implementation and Testing

After having fixed the budget and respective plans, next phase is to implement and test those plans. Testing strategies tailored to the environment are setup and individual policies and plans are tested accordingly [3]. For example, database recovery plans can be tested by doing realistic assessment of backup procedures in a qualified environment with test data. Testing procedures should not interfere or affect any normal functioning of involved systems. In security aspects, implementing a security plan starts with procedures which aids in reducing risk levels, by first mitigating high risks and moving forward towards low risk areas. Penetration testing is done in this phase to test the security plan. Implementation and testing involves educating users, administrators and training them so that they become aware of new policies and meet security standards. Testing results should be recorded to update the DRP for any shortcomings. After the initial implementation and testing, policies are deployed in real environment and monitored regularly.

5) Reporting

Reporting is necessary and important part for any IT program. Reporting mainly addresses the management issues, management need to be made aware of how information and resources are being managed in the organization and what policies are in effect. Reports should include project progress report, risk measurement and ROI documents. Project progress report depicts current progress against schedules, minor and major issues involved and expected progress deadlines. Risk assessment is done on security metrics which involves, measuring vulnerability detection, number of security incidents, number of manmade disasters corrupting data resources, blocked attacks etc. Reporting should address not only security aspects but also malfunction of nodes operating within the network. Ultimately, report is the only document by which management can assess the effectiveness of any DRP.

The final objective of a DRP is to effectively respond to disasters. DRP response guidelines should meet the following objectives: -

Limiting business loss and human injuries Recover and contain the disaster as far as possible Initial assessment of damage.

References:

[1] Glen Kunene, How to Create a Disaster Recovery Plan Available at www.devx.com

[2] ISO 17799, Sarbanes – Oxley, & HIPAA Compliant: Disaster Recovery Plan Template

[3] Computer Security Administration, University of Toronto: Disaster recovery planning

[4] Eric Maiwald and William Sieglein, Security Planning & Disaster Recovery

[5] The security risks analysis directory: An introduction to risk assessment

You Never Know when a Disaster May Occur but You Can Know What to Do If One Does Occur

Alan Cohen, published Sep 26, 2005

Hurricane Katrina taught us a lesson. Disaster recovery is important! Hopefully we will never again have to experience the devastation that this natural event wreaked upon us. However, that event got many businesses thinking – “How safe is my data?” This article provides some basic steps that will help you recover your business’s data in case of a disaster.

How much data are you willing to lose? It may sound like a dumb question but it will help you determine your disaster recovery strategy. For example, many financial institutions use a technique called data mirroring or data shadowing. Every time a transaction is written, that same transaction is written to another disk at another location. For example, if your business is in New York City, a copy of your data is written or mirrored to a site in Philadelphia or wherever your backup site is located. If your business suffers physical damage, you have up-to-date data at another location. In theory, only the transaction being processed at the time of the disaster is lost.

This process is costly; you need to either purchase or rent extra computer equipment. You also need to enter into a contract with a company that provides data storage. Obviously this may not be cost-effective for your company. So, how much data are you willing to lose?

How often does your business backup its data? Every hour? Twice a day? Once a day? Once a week? Your backup schedule answers the previously asked question. If you backup twice a day you are willing to lose half a day’s worth of data. If you only backup weekly, you are willing to lose a week’s worth of data.

Backing up is extremely important. However, if your office is damaged, what about your backup media?

Store your data at an off-site facility. There are many companies that provide archiving and storage services. Be smart. Choose a facility at least 50 miles or so from your office. If there is a flood in your community, you don’t want your storage facility in the same town or city.

A main concern is resolved; you have your data. However, depending on the disaster, your office may be gone. Data is no good unless you have the technology available to put that data to work.

How long can you afford to be out of business? One day? One week? One month? Not at all? The answer to this question determines the type of off-site facility, if any, that you have.

There are three types of off-site facilities. They are: hot, warm, and cold. Many financial institutions, health care companies, and other critical companies use a hot site.

A hot site is a complete off-site replica of your data center. It includes all of the computer equipment, networking equipment, and any other technologies that are part of your data center. You are quite close to being up and running. This site is also the home of your off-site data storage. The data is ready to go. In some scenarios, there are desks, phones, and other office equipment ready to use.

A hot site is expensive. In addition to the cost of renting or purchasing the technology, you are also incurring a monthly rent. This type of site is like insurance; you pay monthly and hope that you never have to use it.

A warm site has the technology but is not as up-to-date or ready to use. You may have to supply some additional equipment to make this a replica of your office. You may also have to install programs and data because your off-site storage may not be part of this site. This type of site is less expensive, but it requires more time and work to have it run your business.

A cold site is a bare bones facility. You will need to bring in equipment, restore your data, and so on. It is the least expensive of the three solutions, but it incurs the more down time.

Certainly there are other solutions. If you are a small business, you may be able to quickly purchase some computers, restore your data and temporarily rent space until you can rebuild or relocate. The key is to have a plan. Don’t wait until the disaster strikes!

A good plan is documented. This fact is often overlooked. Don’t let your employees convince you that the information is in their head; they will know what to do. They may not be working for you anymore, or God forbid, depending on the type of disaster, they, the company, and you may not be alive.

Your plan includes all the instructions necessary to rebuild your business. It includes: how to hook up your equipment, instructions for installing software and restoring data, how to rebuild your email system, how to rebuild your phone PBX system, and so on. It includes contact information, who declares a disaster, and it may even include phone scripts that employees use to reassure your clients that your business is still feasible.

Include walk-throughs to ensure that your instructions are correct. Ensure that people read the document, or at least the sections that pertain to their responsibilities.

A disaster recovery plan is the best written-document that you pray will never have to be used. Be prepared. You never know when a disaster may occur but you can know what to do if one does.